Telstra tracks mobile users to build web filter

Says website monitoring 'definitely not' for marketing.

Telstra has confirmed it is tracking websites visited by its mobile users in the lead up to a launch of a new web filtering solution.

Days after suspicions of Telstra's networking monitoring activity was first aroused, the telco has revealed it captures web addresses visited by millions of subscribers on its Next G network.

The addresses are compared to a blacklist of criminal sites curated by web filtering company Netsweeper, and held both in Australia and the US.

Users first noticed the new activity when they directed their Telstra devices to the telco's web servers and noticed it was also visited split seconds after by a Chicago IP address, believed to be held in a Rackspace facility.

Network engineers and users on the Whirlpool user forums suspected the activity was a marketing effort used to gather intelligence on the activities of Telstra customers.

However, Telstra has since clarified that the activity was conducted ahead of a launch of a voluntary web filtering offering for mobile users.

The monitoring appears to relate to an as-yet unreleased feature dubbed "Smart Controls" that would allow users to access "mobile internet browsing restrictions and call restrictions on Telstra mobile services".

According to Telstra documentation (pdf) updated on Tuesday — and uploaded after SC approached the telco for comment — users who opt into the feature would pay $2.95 per month for the ability to restrict internet access on mobiles associated with their account based on specific URLs and content categories, or allow access to only specific URLs.

The feature would only be available to newer Telstra customers — those on its Siebel-based billing system. It would also provide regular reports of internet use for users when the Smart Controls function is enabled.

"Whilst we take care in filtering content based on the preset internet categories, we cannot guarantee that any or all of the content will be filtered accurately or in accordance with these categories," the documentation reads.

The filtering appears to be only restricted to Telstra mobiles operating over the Next G network; those accessing the internet over a local wi-fi connection would not face the same restrictions.

However, preparation for launch of the service has seen Telstra monitor internet use for all mobile subscribers.

User privacy

Spokesman James Howe told SC that user data was "completely anonymised" before it was sent offshore to be compared against Netsweeper's URL blacklist.

He was unable to confirm if users could opt-out of the data slurping procedure at the time of writing. Senior Telstra technicians reportedly told some engineers that users could not opt out of the website tracking but could request a list of tracked sites through the company’s billing department.

Telstra was waiting on confirmation from its legal team before it is expected to issue a statement later today.

Users contended the activity was far from normal. Former Internode network engineer Mark Newton issued a strongly-worded statement to Telstra’s privacy wing requesting information on the activity in lieu of a request to the federal privacy office.

A similar system, blocking access to child pornography sites, is also run by Telstra for all its subscribers, based on a blacklist curated by Interpol and held by the Australian Federal Police locally.

In a demonstration of the tracking activity, Mark Newton wrote:

"a visit to "http://my-server/13uf2n232.html" yields this hit from my iPad:

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.Your use of this website
constitutes acceptance of nextmedia's Privacy Policy and
Terms & Conditions.